+

WO2007067269A3 - Détection de déni de service distribué, à partir du réseau - Google Patents

Détection de déni de service distribué, à partir du réseau Download PDF

Info

Publication number
WO2007067269A3
WO2007067269A3 PCT/US2006/041618 US2006041618W WO2007067269A3 WO 2007067269 A3 WO2007067269 A3 WO 2007067269A3 US 2006041618 W US2006041618 W US 2006041618W WO 2007067269 A3 WO2007067269 A3 WO 2007067269A3
Authority
WO
WIPO (PCT)
Prior art keywords
ddos
network
service
based detection
distributed denial
Prior art date
Application number
PCT/US2006/041618
Other languages
English (en)
Other versions
WO2007067269A2 (fr
Inventor
Orin Paul Reams Iii
Original Assignee
Sprint Communications Co
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Sprint Communications Co filed Critical Sprint Communications Co
Publication of WO2007067269A2 publication Critical patent/WO2007067269A2/fr
Publication of WO2007067269A3 publication Critical patent/WO2007067269A3/fr

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425Traffic logging, e.g. anomaly detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/1458Denial of Service

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Small-Scale Networks (AREA)

Abstract

Détection de déni de service distribué (DDoS), à partir du réseau. L'invention vise à mettre en ouvre un tel service. On échantillonne des données à partir de divers réseaux d'abonné, à destination d'un collecteur, lequel filtre les données pour les clients qui exploitent un tel service ou qui y sont abonnés. Les données filtrées sont remises à un analyseur qui détermine si elles contiennent des paquets DDoS.
PCT/US2006/041618 2005-12-06 2006-10-25 Détection de déni de service distribué, à partir du réseau WO2007067269A2 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US11/294,979 US20070130619A1 (en) 2005-12-06 2005-12-06 Distributed denial of service (DDoS) network-based detection
US11/294,979 2005-12-06

Publications (2)

Publication Number Publication Date
WO2007067269A2 WO2007067269A2 (fr) 2007-06-14
WO2007067269A3 true WO2007067269A3 (fr) 2008-01-03

Family

ID=38120262

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2006/041618 WO2007067269A2 (fr) 2005-12-06 2006-10-25 Détection de déni de service distribué, à partir du réseau

Country Status (2)

Country Link
US (1) US20070130619A1 (fr)
WO (1) WO2007067269A2 (fr)

Families Citing this family (24)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100370757C (zh) * 2004-07-09 2008-02-20 国际商业机器公司 识别网络内分布式拒绝服务攻击和防御攻击的方法和系统
US7860934B1 (en) * 2007-01-30 2010-12-28 Intuit Inc. Method and apparatus for tracking financial transactions for a user
US20090113039A1 (en) * 2007-10-25 2009-04-30 At&T Knowledge Ventures, L.P. Method and system for content handling
CN101588246B (zh) * 2008-05-23 2012-01-04 成都市华为赛门铁克科技有限公司 防范分布式阻断服务DDoS攻击的方法、网络设备和网络系统
US9166990B2 (en) 2009-02-09 2015-10-20 Hewlett-Packard Development Company, L.P. Distributed denial-of-service signature transmission
US20110072515A1 (en) * 2009-09-22 2011-03-24 Electronics And Telecommunications Research Institute Method and apparatus for collaboratively protecting against distributed denial of service attack
TWI492090B (zh) * 2010-01-15 2015-07-11 Chunghwa Telecom Co Ltd 分散式阻斷攻擊防護系統及其方法
US8966622B2 (en) * 2010-12-29 2015-02-24 Amazon Technologies, Inc. Techniques for protecting against denial of service attacks near the source
WO2012115679A1 (fr) * 2011-02-24 2012-08-30 The University Of Tulsa Communication et défense optimales (hyper-vitesse) basées sur un réseau
US8949459B1 (en) 2011-10-06 2015-02-03 Amazon Technologies, Inc. Methods and apparatus for distributed backbone internet DDOS mitigation via transit providers
IN2014DN06766A (fr) * 2012-01-24 2015-05-22 L3 Comm Corp
US8613089B1 (en) 2012-08-07 2013-12-17 Cloudflare, Inc. Identifying a denial-of-service attack in a cloud-based proxy service
CN102932330A (zh) * 2012-09-28 2013-02-13 北京百度网讯科技有限公司 一种检测分布式拒绝服务攻击的方法和装置
US9148440B2 (en) 2013-11-25 2015-09-29 Imperva, Inc. Coordinated detection and differentiation of denial of service attacks
WO2016035083A2 (fr) * 2014-09-06 2016-03-10 Andriani Matthew Test ddos non perturbateur
US10560466B2 (en) * 2015-01-13 2020-02-11 Level 3 Communications, Llc Vertical threat analytics for DDoS attacks
US10193922B2 (en) * 2015-01-13 2019-01-29 Level 3 Communications, Llc ISP blacklist feed
US10432650B2 (en) 2016-03-31 2019-10-01 Stuart Staniford System and method to protect a webserver against application exploits and attacks
US10855719B2 (en) * 2016-09-22 2020-12-01 Verisign, Inc. Automated DDOS attack mitigation via BGP messaging
US11750622B1 (en) 2017-09-05 2023-09-05 Barefoot Networks, Inc. Forwarding element with a data plane DDoS attack detector
US10116671B1 (en) * 2017-09-28 2018-10-30 International Business Machines Corporation Distributed denial-of-service attack detection based on shared network flow information
US11108812B1 (en) 2018-04-16 2021-08-31 Barefoot Networks, Inc. Data plane with connection validation circuits
US20210084067A1 (en) * 2019-09-13 2021-03-18 Level 3 Communications, Llc Scalable ddos scrubbing architecture in a telecommunications network
TWI774355B (zh) * 2021-05-05 2022-08-11 瑞昱半導體股份有限公司 網路交換器以及異常檢測方法

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020166063A1 (en) * 2001-03-01 2002-11-07 Cyber Operations, Llc System and method for anti-network terrorism
US20030110396A1 (en) * 2001-05-03 2003-06-12 Lewis Lundy M. Method and apparatus for predicting and preventing attacks in communications networks
US20060272018A1 (en) * 2005-05-27 2006-11-30 Mci, Inc. Method and apparatus for detecting denial of service attacks

Family Cites Families (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7398317B2 (en) * 2000-09-07 2008-07-08 Mazu Networks, Inc. Thwarting connection-based denial of service attacks
US6944673B2 (en) * 2000-09-08 2005-09-13 The Regents Of The University Of Michigan Method and system for profiling network flows at a measurement point within a computer network
US7707305B2 (en) * 2000-10-17 2010-04-27 Cisco Technology, Inc. Methods and apparatus for protecting against overload conditions on nodes of a distributed network
US7069337B2 (en) * 2001-03-20 2006-06-27 Mci, Inc. Policy-based synchronization of per-class resources between routers in a data network
US7234168B2 (en) * 2001-06-13 2007-06-19 Mcafee, Inc. Hierarchy-based method and apparatus for detecting attacks on a computer system
US7028179B2 (en) * 2001-07-03 2006-04-11 Intel Corporation Apparatus and method for secure, automated response to distributed denial of service attacks
JP2005277804A (ja) * 2004-03-25 2005-10-06 Hitachi Ltd 情報中継装置
WO2005093576A1 (fr) * 2004-03-28 2005-10-06 Robert Iakobashvili Visualisation de performances de reseau a commutation par paquets, analyse et optimisation de conception associees

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020166063A1 (en) * 2001-03-01 2002-11-07 Cyber Operations, Llc System and method for anti-network terrorism
US20030110396A1 (en) * 2001-05-03 2003-06-12 Lewis Lundy M. Method and apparatus for predicting and preventing attacks in communications networks
US20060272018A1 (en) * 2005-05-27 2006-11-30 Mci, Inc. Method and apparatus for detecting denial of service attacks

Also Published As

Publication number Publication date
US20070130619A1 (en) 2007-06-07
WO2007067269A2 (fr) 2007-06-14

Similar Documents

Publication Publication Date Title
WO2007067269A3 (fr) Détection de déni de service distribué, à partir du réseau
US11736440B2 (en) Methods and systems for efficient adaptive logging of cyber threat incidents
AU2002213264A1 (en) Methods and apparatus for protecting against overload conditions on nodes of a distributed network
US7845004B2 (en) Correlating network information and intrusion information to find the entry point of an attack upon a protected computer
US8650295B2 (en) Managing network security
KR101110956B1 (ko) 트래픽 분류 방법 및 트래픽 분류 설비
WO2006127012A3 (fr) Detection au moyen d'un flux d'echantillonnage de paquets d'intrusions de reseau
US20080240128A1 (en) VoIP Security
EP2555486A3 (fr) Systèmes de sécurité de réseau basée sur une passerelle à méthodes multiples et procédés
WO2002061510A3 (fr) Profilage d'acces reseau
US10110606B2 (en) Reverse access method for securing front-end applications and others
TW200617705A (en) A method of identifying a distributed denial of service (ddos) attack within a network and defending against such an attack
WO2005036339A3 (fr) Systeme et procede de distribution dynamique de signatures d'intrusion
EP1528743A3 (fr) Procédé et appareil d'analyse et pour le verrouillage d'un flux de données
WO2005059700A3 (fr) Technique d'interception de donnees dans un reseau d'homologues
US20020147925A1 (en) Method and apparatus for protecting a web server against vandals attacks without restricting legitimate access
WO2006078729A3 (fr) Appareil de reseau pour la verification de l'evaluation des vulnerabilites sur plusieurs reseaux
WO2007062010A3 (fr) Procede permettant de repondre a des attaques entrainant un refus de service au niveau de la couche session ou d'une couche superieure
US20170013004A1 (en) Device and method for detecting command and control channel
WO2004070535B1 (fr) Atténuation d'attaques de déni de service
WO2008061171A3 (fr) Procédé permettant de limiter les abus
GB2402856A (en) Audio feedback processing system
WO2002019661A3 (fr) Systeme et procede de defense contre les attaques de refus de service sur des noeuds de reseau
Diibendorfer et al. Host behaviour based early detection of worm outbreaks in internet backbones
Naik et al. Augmented windows fuzzy firewall for preventing denial of service attack

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
DPE1 Request for preliminary examination filed after expiration of 19th month from priority date (pct application filed from 20040101)
NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 06826631

Country of ref document: EP

Kind code of ref document: A2

点击 这是indexloc提供的php浏览器服务,不要输入任何密码和下载